Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[SECURITY] Eloquent: use Model::setAttribute method instead of $this->$key #301

Merged
merged 2 commits into from Feb 12, 2013
Merged

[SECURITY] Eloquent: use Model::setAttribute method instead of $this->$key #301

merged 2 commits into from Feb 12, 2013

Conversation

conradkleinespel
Copy link
Contributor

@conradkleinespel conradkleinespel commented Feb 12, 2013

If you validate your models' attributes in per model method like User::setUsernameAttribute(), the validation won't even be done when the Model::fill() is called. This could lead to wrongly formatted data being inserted in your DB just fine if you haven't implemented domain checks on your database server.

@bencorlett
Copy link
Contributor

@bencorlett bencorlett commented Feb 12, 2013

Nice, yep this is good. Tempted to say build failed but that's damn github's fault :P

@conradkleinespel
Copy link
Contributor Author

@conradkleinespel conradkleinespel commented Feb 12, 2013

Haha, thanks, I wouldn't have noticed (there should be an email notification if a build fails, gonna send Github an email about that). Should I make a new commit just to relaunch the build? -_-

@bencorlett
Copy link
Contributor

@bencorlett bencorlett commented Feb 12, 2013

Nah stuff it. Github's API usually stuffs up around 20-30% of builds for my apps, just because of rate limiting. Taylor can see it has worked on 1 version of PHP an that the other one has hung :)
On 13/02/2013, at 8:04 AM, Conrad Kleinespel notifications@github.com wrote:

Haha, thanks, I wouldn't have noticed. Should I make a new commit just to relaunch the build? -_-


Reply to this email directly or view it on GitHub.

@conradkleinespel
Copy link
Contributor Author

@conradkleinespel conradkleinespel commented Feb 12, 2013

Alright, thanks.

taylorotwell added a commit that referenced this issue Feb 12, 2013
[SECURITY] Eloquent: use Model::setAttribute method instead of $this->$key
@taylorotwell taylorotwell merged commit 50453c0 into laravel:master Feb 12, 2013
@taylorotwell
Copy link
Member

@taylorotwell taylorotwell commented Feb 12, 2013

Thanks

@conradkleinespel conradkleinespel deleted the patch-2 branch Feb 12, 2013
joelharkes pushed a commit to joelharkes/framework_old that referenced this issue Mar 7, 2019
dbpolito pushed a commit to dbpolito/framework that referenced this issue Oct 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants